CLAIM AMENDMENTS 

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

1 . (Currently Amended) A method, comprising: 

authenticating, during a pre-boot phase of a client, a boot server on which an 
operating system (OS) boot image is stored; 

downloading an OS boot image from the boot server if it is authenticated; and 

loading the OS boot image on the client[[;]] . wherein a shared secret is stored at the 
client and at the boot server, wherein authenticating the boot server includes: 

generating a random value at the client: 

transmitting the random value to the boot server; 

receiving an encrypted value at the client, the encrvpted value encrvpted at the boot 
server using the random value and the shared secret stored by the boot server: 

decrypting the encrvpted value at the client using the shared secret stored by the 
client: and 

comparing the random value with the encrvpted value that is decrypted. 

2. (Canceled). 

3. (Currently Amended) The method of claim [[2]] i, further comprising provisioning 
the shared secret to at least one of the client and the boot server during a one-time 
provisioning event such that both the client and the boot server have access to the shared 
secret. 
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4. (original) The method of claim 3, wherein the shared secret is provisioned using an 
Extensible Authentication Protocol (EAP message) exchange between an authenticator EAP 
server and the client. 

5. (original) The method of claim 3, wherein the shared secret is provisioned from the 
client to the server and is formulated via a key that is generated by a trusted platform module 
stored by the client. 

6. (original) The method of claim 3, wherein the shared secret is provisioned using a 
take ownership protocol under which one of a user or administrator takes ownership of a 
computer system by providing authentication credentials for that system.. 

7. (original) The method of claim 6, wherein the take ownership protocol comprises 
provisioning authentication credentials via one of the following: provisioning authentication 
credentials on the client via an out-of-band channel, enabling a user to enter authentication 
credentials via a local console, and imprinting the client with authentication credentials via 
remote entry of the authentication credentials by a system administrator. 

8. (original) The method of claim 1, wherein the boot server is authenticated using an 
authenticated dynamic host configuration protocol (DHCP) message exchange process. 

9. (Currently Amended) The method of claim [[2]] 1, further comprising authenticating 
the client prior to allowing a client to download an OS boot image. 

10. (original) The method of claim 9, wherein the client is authenticated using an 
authenticated dynamic host configuration protocol (DHCP) message exchange process. 
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1 1 . (Previously Presented) The method of claim 9, wherein the client is authenticated by 
performing the operations of: 

encrypting the shared secret stored at the client; 

passing the encrypted shared secret to one of the boot server and an authentication 
proxy for the boot server; 

decrypting the encrypted shared secret at said one of the boot server and the proxy for 
the boot server; and 

comparing a shared secret stored at said one of the boot server and the authentication 
proxy for the boot server with the encrypted shared secret that is decrypted. 

12. (original) The method of claim 1, further comprising: 
generating a session key; and 

4 

employing the session key for encryption and decryption of data transferred between 
the boot server and the client. 

13. (original) The method of claim 12, further comprising: 

updating the session key at some point during download of the OS boot image; and 
employing the updated session key for encryption and decryption of data transferred 

between the boot server and the client while downloading a subsequent portion of the OS 

boot image. 

14. (original) The method of claim 1, wherein the shared secret is derived from the 
combination of a user login and a password corresponding to the user login. 

15. (Currently Amended) A computer system, comprising: 
a processor; 

memory, coupled to the processor; 
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a network interface, coupled to the processor; 

a firmware storage device, coupled to the processor; having firmware instructions 
stored therein that when executed on the processor cause operations to be performed, 
including: 

interacting with a boot server via messages sent to and received fi^om the boot 
server through the network interface during a pre-boot initialization phase of the 
computer system to authenticate the boot server; 

downloading an OS boot image fi-om the boot server if it is authenticated; and 
loading the OS boot image into the memor y, wherein a shared secret is stored 
at the computer svstem and at the boot server, wherein the boot server is authenticated bv 
execution of the firmware instructions to fiirther perform operations including: 
generating a random value at the computer svstem: 
transmitting the random value to the boot server: 

receiving an encrvpted value at the computer svstem, the encrypted value encrypted 
at the boot server using the random value and the shared secret stored by the boot server: 

decrypting the encrypted value at the computer system using the shared secret stored 
by the computer system: and 

comparing the random value with the encrvpted value that is decrypted. 

16. (Canceled). 

1 7. (original) The system of claim 15, wherein the boot server is authenticated using an 
authenticated dynamic host configuration protocol (DHCP) message exchange process. 

1 8. (original) The system of claim 17, wherein execution of the firmware instructions 
fiirther performs authentication of the computer system via the authenticated DHCP message 
exchange process. 
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19. (original) The system of claim 15, wherein the OS boot image is served from the 
boot server in an encrypted form, and execution of the firmware instructions fiuther performs 
the operation of decrypting the OS boot image. 

20. (original) The system of claim 19, wherein execution of the firmware instructions 
further performs the operation of interacting, via a message exchange, with the boot server to 
agree on a session key that is used to encrypt and decrypt the OS boot image. 

2 1 . (Currently Amended) The system of claim [[ 1 6]] 15, further comprising a trusted 
platform module, operatively coupled to the processor and storing an ownership token that is 
used to formulate the shared secret. 

22. (original) The system of claim 21, wherein the ownership token comprises a key that 
is instantiated via the trusted platform module. 

23. (Currently Amended) A tangibl e machine-readable media providing instructions to 
perform operations on a computer system, including: 

interacting with one of a boot server or authentication server via messages 
generated by the computer system and sent to the boot server or authentication server 
and messages received from the boot server or authentication server and processed by 
the computer system during a pre-boot initialization phase of the computer system to 
authenticate the boot server; 

sending a request to the boot server to download an OS boot image from the 
boot server if it is authenticated; 

downloading the OS boot image from the boot server; and 
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loading the OS boot image into memory of the computer system , wherein a 
shared secret is stored at the computer system and at the boot server, wherein the boot server 
is authenticated by execution of the firmware instructions to further perform operations 
including: 

generating a random value at the computer system: 
transmitting the random value to the boot server: 

receiving an encrypted value at the computer system, the encrypted value encrypted 
at the boot server using the random value and the shared secret stored by the boot server: 

decrypting the encrypted value at the computer system using the shared secret stored 
by the computer system: and 

comparing the random value with the encrypted value that is decrypted . 

24. (Currently Amended) The tangibl e machine-readable media of claim 23, wherein the 
media comprises a firmware storage device and the instructions comprise firmware 
instructions. 

25. (Currently Amended) The tangible machine-readable media of claim 23, wherein 
execution of the instructions performs the fiirther operation of broadcasting a boot server 
discovery message to locate the boot server. 

26. (Canceled). 

27. (Currently Amended) The tangibl e machine-readable media of claim [[26]] 23, 
wherein execution of the instructions performs the further operations of: 

encrypting the shared secret stored at the computer system; and 
sending the shared secret in encrypted form to one of the boot server or an 
authentication proxy for the boot server. 
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28. (Currently Amended) The tangibl e machine-readable media of claim 23, wherein the 
boot server is authenticated using an authenticated dynamic host configuration protocol 
(DHCP) message exchange process. 

29. (Currently Amended) The tangible machine-readable media of claim 28, wherein 
execution of the instructions further performs authentication of the computer system via the 
authenticated DHCP message exchange process. 

30. (Currently Amended) The tangibl e machine-readable media of claim 23, wherein 
execution of the instructions further performs the operations of: 

generating a user interface on the computer system via which a user can enter 
authentication credentials; 

generating [[a]] the shared secret based on the authentication credentials; and 
sending the shared secret to the boot server or authentication server. 
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